adding emails (ports and secure connection)

[snailcoach]

Hi,
Two questions.

I was looking for information on why my email from my service provider only uses port 587 which only works with STARTTLS -not very secure connection. I phoned them and was told I cannot use SSL/TLS connection because they do not support Thunderbird.

They've stated, 'If your email software is not listed, you can attempt to set it up yourself using the support options offered by your software manufacturer'

What is Thunderbird's option / alternative, please?

The other question is, both my Yahoo! and Gmail emails uses port 465 with SSL/TLS for the outgoing, is that okay and if I add more Gmail addresses, is it okay to use port 465 for all of them?

[tanstaafl]

There is nothing wrong with using StartTLS except that you need to rely upon your email client returning a fatal error if it can not automatically convert the insecure connection to a secure connection, rather than silently ignoring the error and continuing to use the insecure connection. Supposedly Thunderbird does the right thing. I know it has in the past but due to regression errors there is always doubt. That's why I use SSL/TLS instead if its an option.

The main issues with SSL/TLS support is that Thunderbird (like most email clients/browsers nowadays) actually only supports TLS (due to the poodle attack making SSL v3 too risky to use), and that the mail server might use too small a cipher. I believe it has to be greater than 768 bits. If you can make a secure connection using webmail then Thunderbird probably will not have a problem as both Firefox and Thunderbird have the same restrictions.

https://bugzilla.mozilla.org/show_bug.cgi?id=1184488

[tanstaafl]

"The other question is, both my Yahoo! and Gmail emails uses port 465 with SSL/TLS for the outgoing, is that okay and if I add more Gmail addresses, is it okay to use port 465 for all of them?"

I do. Seems to work fine. However, if you are literally using the same Gmail SMTP server (rather than configuring a similar SMTP server for the account) for more than one account "The Gmail SMTP server will ignore whatever From: address you supply unless you add it in the Gmail web page at Setting -> Accounts -> "Add another email address"." As a precaution I register all of the other Gmail email addresses (and my main accounts email address, which is with fastmail) with each Gmail webmail. Only takes a minute and means there is one less thing to worry about.

[snailcoach]

The main issues with SSL/TLS support is that Thunderbird (like most email clients/browsers nowadays) actually only supports TLS (due to the poodle attack making SSL v3 too risky to use), and that the mail server might use too small a cipher. I believe it has to be greater than 768 bits. If you can make a secure connection using webmail then Thunderbird probably will not have a problem as both Firefox and Thunderbird have the same restrictions. -didn't get that part . . . You mean if I'm able to access my email from google for gmail and my provider's site?

https://bugzilla.mozilla.org/show_bug.cgi?id=1184488

First, thanks for responding to both questions.
The options I see in TB for secure connection are: None, SSL/TLS and STARTTLS. Do you mean when the SSL/TLS option is chosen, that TB ignores the SSL part of that option and uses TLS only?

[tanstaafl]

Yes. SSL v3 is no longer safe to use due to a fundamental flaw in the protocol. This was discovered about 2 years ago. This doesn't effect just email clients, it also effects browsers. See https://blog.mozilla.org/security/2014/ ... f-ssl-3-0/